Updating Firmware on Dells servers should be done in a certain order as per this article: https://www.dell.com/support/article/uk/en/ukbsdt1/how10160/dell-poweredge-update-server-firmware-for-optimal-performance?lang=en

Order: iDRAC Firmware PERC Drivers PERC Firmware HBA Drivers HBA Firmware NIC Driver NIC Firmware BIOS Firmware Power Supply Firmware Hard Disk Drive Firmware LifeCycle Controller Firmware Chipset Drivers/Firmware

Get Service Tag

wmic bios get serialnumber

Update Certificate on iDrac

1
2
3
4
5
6
7
8
9
10
11
12
racadm -r <ip of idrac> -u <username> -p <password> sslkeyupload -t 1 -f filename.key
racadm -r <ip of idrac> -u <username> -p <password> sslcertupload -t 1 -f filename.cer
From <https://serverfault.com/questions/485426/install-existing-ssl-certificate-on-dell-idrac7>
racadm sslkeyupload -t 1 -f server-drac.key
racadm sslcertupload -t 1 -f server-drac.cer
# Once you update iDRAC firmware to 1.30.30 you can use following command to change iDRAC NIC selection from shared to dedicated mode
racadm set iDRAC.NIC.Selection 1
# If iDRAC have old firmware(less than 1.30.30) then you can use below command to change iDRAC nic mode
racadm config -g cfgLAnNetworking -o cfgNicSelection 1
#To get help of groups and supported values for various objects in group you can run below commands
racadm help iDRAC.NIC
racadm help cfgLanNetworking

Remove VLAN tagging from Drac

1
racadm config -g cfglannetworking -o cfgnicvlanenable 0
1
2
3
4
5
racadm tlsEncryptionStrength set 1webserverrestart
racadm getconfig -g cfgLanNetworking
racadm config -g cfgLanNetworking -o cfgNicEnable 1
racadm getconfig -g cfgRacSecurity
racadm config -g cfgRacSecurity -o cfgRacSecCsrKeySize 2048

DellBIOSProvider

1
2
3
4
5
Get-DellBiosSettings
#### Get to find value
(Get-Item -Path DellSmbios:\Security\SmmSecurityMitigation).CurrentValue
#### Set doesn’t work
Set-Item -Path DellSmbios:\Security\SmmSecurityMitigation -Value "Disabled" -Password "biospassword"